| Message ID | 1514948431-20893-1-git-send-email-flank3rsky@gmail.com |
|---|---|
| State | Awaiting Upstream, archived |
| Delegated to: | David Miller |
| Headers | show |
| Series | nl80211: Check for the required netlink attribute presence | expand |
On Wed, 2018-01-03 at 11:00 +0800, Hao Chen wrote: > nl80211_nan_add_func() does not check if the required attribute > NL80211_NAN_FUNC_FOLLOW_UP_DEST is present when processing > NL80211_CMD_ADD_NAN_FUNCTION request. This request can be issued > by users with CAP_NET_ADMIN privilege and may result in NULL dereference > and a system crash. Add a check for the required attribute presence. Applied, thanks. johannes
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 213d0c4..2b3dbcd 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -11361,7 +11361,8 @@ static int nl80211_nan_add_func(struct sk_buff *skb, break; case NL80211_NAN_FUNC_FOLLOW_UP: if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] || - !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]) { + !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] || + !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) { err = -EINVAL; goto out; }
nl80211_nan_add_func() does not check if the required attribute NL80211_NAN_FUNC_FOLLOW_UP_DEST is present when processing NL80211_CMD_ADD_NAN_FUNCTION request. This request can be issued by users with CAP_NET_ADMIN privilege and may result in NULL dereference and a system crash. Add a check for the required attribute presence. Signed-off-by: Hao Chen <flank3rsky@gmail.com> --- net/wireless/nl80211.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)